RSS   Vulnerabilities for
'Suse lifecycle management server'
   RSS

2014-04-16
 
CVE-2011-0993

 

 
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

 
2013-12-23
 
CVE-2013-3709

CWE-264
 

 
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

 
2013-12-10
 
CVE-2013-7042

CWE-264
 

 
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.

 
 
CVE-2013-3710

CWE-310
 

 
SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.

 
2010-09-03
 
CVE-2010-1325

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.

 

 >>> Vendor: Novell 110 Products
Web server
Netware
Http server
Groupwise
Unixware
Bordermanager
Client
Netware ftp server
Groupwise webaccess
Web search
Netmail
Netmail xe
Emframe
Small business suite
Edirectory
Netware client
Ichain
Zenworks desktops
Imanager
Internet messaging system
Client firewall
Linux desktop
Nsure audit
Zenworks
Zenworks remote management
Zenworks server management
Zenworks servers
Open enterprise server
Zenworks patch management server
Groupwise messenger
Imonitor
Identity manager
Zenworks asset management
Apache http server
Access manager identity server
Access manager
Securelogin
Extend director
Modular authentication service
Client login extension (cle)
Opensuse
Zenworks endpoint security management
Opensuse swamp
Zenworks patch management update agent
Challenge response client
Novell client for windows
Apparmor
Iprint
Iprint client
Novell forum
Zenworks desktop management
Identity manager roles based provisioning module
User application
Teaming
Suse linux
Netidentity client1.2.3
Suse linux enterprise server
Suse lifecycle management server
Zenworks configuration management
Moonlight
Zenworks handheld management
Vibe onprem
Zenworks configuration manager
Iprint open enterprise server
Opensuse build service
File reporter
Suse linux enterprise
Opensuse factory
Identity manager user application
Xtier framework
Data synchronizer
Mobility pack
File reporter engine
Suse studio onsite
Cloud manager
Iprint open enterprise server 2
Messenger
Sentinel log manager
Suse audit log keeper
Zenworks mobile management
Kanaka
Suse linux enterprise desktop
Libzypp
Suse linux software development kit
Suse manager
Suse linux enterprise for sap applications
Suse cloud
Suse linux enterprise software development kit
Suse linux for vmware
Suse linux sdk
LEAP
FILR
Service desk
Suse linux enterprise module for legacy software
Suse manager proxy
Suse openstack cloud
Suse package hub for suse linux enterprise
Suse linux enterprise debuginfo
Suse linux enterprise real time extension
Suse linux enterprise live patching
See all Products for Vendor Novell


Copyright 2019, cxsecurity.com

 

Back to Top